lnencrypt: add ECDHEncryptor

With this commit we add a new way to encrypt and decrypt a sensitive payload: By using Diffie-Hellman over a local and remote key to derive at a shared secret key.
2024-11-19 01:43:16 +01:00 · 2023-11-16 07:59:22 -06:00 · 2023-11-16 07:59:22 -06:00 · b6abede4a3
commit b6abede4a3
parent 375bc6950c
2 changed files with 65 additions and 45 deletions
--- a/lnencrypt/crypto.go
+++ b/lnencrypt/crypto.go
@ -5,8 +5,8 @@ import (
 	"crypto/sha256"
 	"fmt"
 	"io"
-	"io/ioutil"

+	"github.com/btcsuite/btcd/btcec/v2"
 	"github.com/lightningnetwork/lnd/keychain"
 	"golang.org/x/crypto/chacha20poly1305"
 )
@ -69,6 +69,25 @@ func KeyRingEncrypter(keyRing keychain.KeyRing) (*Encrypter, error) {
 	}, nil
 }

+// ECDHEncrypter derives an encryption key by performing an ECDH operation on
+// the passed keys. The resulting key is used to encrypt or decrypt files with
+// sensitive content.
+func ECDHEncrypter(localKey *btcec.PrivateKey,
+	remoteKey *btcec.PublicKey) (*Encrypter, error) {
+
+	ecdh := keychain.PrivKeyECDH{
+		PrivKey: localKey,
+	}
+	encryptionKey, err := ecdh.ECDH(remoteKey)
+	if err != nil {
+		return nil, fmt.Errorf("error deriving encryption key: %w", err)
+	}
+
+	return &Encrypter{
+		encryptionKey: encryptionKey[:],
+	}, nil
+}
+
 // EncryptPayloadToWriter attempts to write the set of provided bytes into the
 // passed io.Writer in an encrypted form. We use a 24-byte chachapoly AEAD
 // instance with a randomized nonce that's pre-pended to the final payload and
@ -112,7 +131,7 @@ func (e Encrypter) DecryptPayloadFromReader(payload io.Reader) ([]byte,

 	// Next, we'll read out the entire blob as we need to isolate the nonce
 	// from the rest of the ciphertext.
-	packedPayload, err := ioutil.ReadAll(payload)
+	packedPayload, err := io.ReadAll(payload)
 	if err != nil {
 		return nil, err
 	}
--- a/lnencrypt/crypto_test.go
+++ b/lnencrypt/crypto_test.go
@ -4,6 +4,7 @@ import (
 	"bytes"
 	"testing"

+	"github.com/btcsuite/btcd/btcec/v2"
 	"github.com/stretchr/testify/require"
 )

@ -35,7 +36,8 @@ func TestEncryptDecryptPayload(t *testing.T) {
 		{
 			plaintext: []byte("payload test plain text"),
 			mutator: func(p *[]byte) {
-				// Flip a byte in the payload to render it invalid.
+				// Flip a byte in the payload to render it
+				// invalid.
 				(*p)[0] ^= 1
 			},
 			valid: false,
@ -53,23 +55,32 @@ func TestEncryptDecryptPayload(t *testing.T) {
 	}

 	keyRing := &MockKeyRing{}
-
-	for i, payloadCase := range payloadCases {
-		var cipherBuffer bytes.Buffer
-		encrypter, err := KeyRingEncrypter(keyRing)
+	keyRingEnc, err := KeyRingEncrypter(keyRing)
 	require.NoError(t, err)

-		// First, we'll encrypt the passed payload with our scheme.
-		err = encrypter.EncryptPayloadToWriter(
+	_, pubKey := btcec.PrivKeyFromBytes([]byte{0x01, 0x02, 0x03, 0x04})
+
+	privKey, err := btcec.NewPrivateKey()
+	require.NoError(t, err)
+	privKeyEnc, err := ECDHEncrypter(privKey, pubKey)
+	require.NoError(t, err)
+
+	for _, payloadCase := range payloadCases {
+		payloadCase := payloadCase
+		for _, enc := range []*Encrypter{keyRingEnc, privKeyEnc} {
+			enc := enc
+
+			// First, we'll encrypt the passed payload with our
+			// scheme.
+			var cipherBuffer bytes.Buffer
+			err = enc.EncryptPayloadToWriter(
 				payloadCase.plaintext, &cipherBuffer,
 			)
-		if err != nil {
-			t.Fatalf("unable encrypt paylaod: %v", err)
-		}
+			require.NoError(t, err)

-		// If we have a mutator, then we'll wrong the mutator over the
-		// cipher text, then reset the main buffer and re-write the new
-		// cipher text.
+			// If we have a mutator, then we'll wrong the mutator
+			// over the cipher text, then reset the main buffer and
+			// re-write the new cipher text.
 			if payloadCase.mutator != nil {
 				cipherText := cipherBuffer.Bytes()

@ -79,28 +90,20 @@ func TestEncryptDecryptPayload(t *testing.T) {
 				cipherBuffer.Write(cipherText)
 			}

-		plaintext, err := encrypter.DecryptPayloadFromReader(
+			plaintext, err := enc.DecryptPayloadFromReader(
 				&cipherBuffer,
 			)

-		switch {
-		// If this was meant to be a valid decryption, but we failed,
-		// then we'll return an error.
-		case err != nil && payloadCase.valid:
-			t.Fatalf("unable to decrypt valid payload case %v", i)
+			if !payloadCase.valid {
+				require.Error(t, err)

-		// If this was meant to be an invalid decryption, and we didn't
-		// fail, then we'll return an error.
-		case err == nil && !payloadCase.valid:
-			t.Fatalf("payload was invalid yet was able to decrypt")
+				continue
 			}

-		// Only if this case was mean to be valid will we ensure the
-		// resulting decrypted plaintext matches the original input.
-		if payloadCase.valid &&
-			!bytes.Equal(plaintext, payloadCase.plaintext) {
-			t.Fatalf("#%v: expected %v, got %v: ", i,
-				payloadCase.plaintext, plaintext)
+			require.NoError(t, err)
+			require.Equal(
+				t, plaintext, payloadCase.plaintext,
+			)
 		}
 	}
 }
@ -111,7 +114,5 @@ func TestInvalidKeyGeneration(t *testing.T) {
 	t.Parallel()

 	_, err := KeyRingEncrypter(&MockKeyRing{true})
-	if err == nil {
-		t.Fatal("expected error due to fail key gen")
-	}
+	require.Error(t, err)
 }